This article examines the use of artificial intelligence in information security, identifies its areas of application and the strengths and weaknesses of the technology in this field. A classification of products with artificial intelligence technologies is given by functional type and by application scenario.
Keywords: artificial intelligence, neural network, information technology, information security.
Over the past few years, artificial intelligence has become quite popular in the field of information technology. It is used wherever there is a huge amount of data, where events need to be forecast, processes automated, and so on. Information security has been no exception.
Artificial intelligence is a term used to describe powerful technologies based on machine learning.
A neural network is sometimes equated with artificial intelligence. This is partly correct, since a neural network is one of the approaches to building artificial intelligence (it can also be attributed simply to machine learning), in which the principle of operation is modelled on the neural connections in the human brain. Just as neurons are trained on the information that reaches them, a neural network learns from a huge array of data, analyzes it, traces chains of cause and effect and looks for patterns in them.
But for all the convenience and simplification of processes, many still have doubts about using artificial intelligence technologies in an area as specific as information security.
Artificial intelligence learns and develops so fast that breakthroughs are made almost every day, so there are quite a lot of artificial intelligence application scenarios in information security:
— analysis of various types of data;
— phishing detection;
— spam detection;
— threat forecasting;
— incident response, etc.
The task of the machines is to collect incoming information, scan traffic, examine incoming gateways, assess the level of anomalies in the system, and identify weaknesses and gaps in the protection system. To do this, the system relies on existing experience, which it acquires by analyzing a large array of automatically processed data; this greatly simplifies the search for threats and the assessment of their danger.
The strengths of AI in information security include efficiency and accuracy, because the influence of the human factor in information processing is zero. AI is capable of processing huge amounts of data that cannot be processed manually, which makes it possible to detect a threat in real time.
In addition to improving efficiency and accuracy, AI is able to automate routine information security processes such as:
— analysis of incidents;
— conducting an analysis;
— incident detection and response, etc.
Examples of AI applications already in use in information security include the Web Application Firewall, where AI is used to close vulnerabilities in web applications that have already been discovered, and Darktrace, which uses machine learning to detect threats. Among domestic companies that use AI technologies, Kaspersky Lab stands out with a number of products that use AI to prevent and detect threats. Although the main purpose of AI in information security is to enhance security, the same technology can also be used by hackers. A few examples demonstrate this:
1. AI reached the masses and gained wide popularity among ordinary users with the launch of ChatGPT. Hackers began actively using this AI to explore the possibilities of quickly creating hacking tools. ChatGPT is able to write any code, whether code for quick hacking or for installing a backdoor on an infected computer for various purposes.
2. The events of December 25–30, 2022, when the PyTorch-nightly machine learning framework, available on the official website together with its Python libraries, was compromised. All users (over 2,300) who installed the torchtriton library of this framework during that period pulled malicious code into their projects. This became possible because the malicious library had the same name as the original one uploaded to the official repository, while that site took precedence over other resources, which allowed a significant number of users to download malicious code into their projects.
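The mechanism behind the torchtriton case, as an added illustration that is not part of the original article: when a resolver merges every configured index and simply takes the highest version, a same-named package on another index wins automatically. The Python below models that with constructed candidates (placeholder hashes; the index URLs serve only as labels) and shows the collision report and the pin-to-index-and-hash check that a defender would apply before installing.

```python
"""Name collision across package indexes, modelled on the torchtriton case above.
Constructed candidates only; hashes are placeholders, index URLs serve as labels."""
from dataclasses import dataclass
from collections import defaultdict

@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple      # (major, minor, patch)
    index: str
    sha256: str

# Constructed: the same distribution name offered by two indexes; the public copy carries a higher version.
CANDIDATES = [
    Candidate("torchtriton", (2, 0, 0), "https://download.pytorch.org/whl/nightly", "SHA256-TRUSTED-PLACEHOLDER"),
    Candidate("torchtriton", (3, 0, 0), "https://pypi.org/simple", "SHA256-UNKNOWN-PLACEHOLDER"),
    Candidate("numpy", (1, 26, 0), "https://pypi.org/simple", "SHA256-NUMPY-PLACEHOLDER"),
]

def naive_resolve(name, candidates):
    """Merge every index and take the highest version: the colliding copy wins automatically."""
    matches = [c for c in candidates if c.name == name]
    return max(matches, key=lambda c: c.version) if matches else None

def find_collisions(candidates):
    """Names served by more than one index: the condition to review before installing."""
    by_name = defaultdict(set)
    for c in candidates:
        by_name[c.name].add(c.index)
    return sorted(n for n, idx in by_name.items() if len(idx) > 1)

def pinned_resolve(name, candidates, policy):
    """Accept only the index and hash the policy pins for `name`; anything else is rejected."""
    if name not in policy:
        return None, f"{name} is not pinned"
    allowed_index, allowed_hash = policy[name]
    for c in candidates:
        if c.name == name and c.index == allowed_index and c.sha256 == allowed_hash:
            return c, "ok"
    return None, f"{name}: no candidate from {allowed_index} with the pinned hash"

# Constructed policy: torchtriton may only come from the nightly index with the known hash.
POLICY = {"torchtriton": ("https://download.pytorch.org/whl/nightly", "SHA256-TRUSTED-PLACEHOLDER")}
```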
The prospects for AI in information security are considerable. Of course, AI will not completely replace information security specialists, but it will allow tasks to be performed more efficiently and faster. The industry will develop qualitatively, with all processes aimed not at maintaining stable operation but at improvement.
The products of the companies we selected that use behavioral analysis and predictive analytics technologies can be classified in two ways: by functional and technological type and by use scenario.
Let's list the main types:
— EDR (Endpoint Detection and Response) — platforms for detecting attacks on workstations, servers and any other computing devices (endpoints) and responding to them rapidly. With the help of AI technologies, products in this category can detect unknown malware, automatically classify threats and respond to them independently, transmitting data to the control center. AI makes decisions on the basis of a common knowledge base accumulated by collecting data from many devices. Some products of this type use AI technologies to label data at endpoints and then control its movement in order to identify insider threats.
— NDR (Network Detection and Response) — devices and analytical platforms that detect attacks at the network level and allow a quick response to them. Using accumulated statistics and a knowledge base about threats, products of this type use AI technology to identify threats in network traffic and can respond to them automatically and appropriately by changing the configuration of network devices and gateways. Some products of this type specialize in protecting cloud providers and their infrastructure. An additional scenario for AI in network protection is the analysis of email traffic for phishing.
— UEBA (User and Entity Behavior Analytics) — systems for behavioral analysis of users and information entities. They detect cases of unusual behavior and use them to identify internal and external threats. The main scenario for the use of AI technologies in UEBA-type products is the automatic detection of anomalies in behavioral models (deviation from the norm or a match with a threat pattern) for users and the various entities of information systems. The identified anomalies are classified by AI as various threats and risks to the business. Abnormal behavior can be detected for the purposes of monitoring and access control, fraud detection among customers or employees (anti-fraud), protection of confidential data, and verification of compliance with regulations and standards.
— TIP (Threat Intelligence Platform) — platforms for early warning, threat detection and response based on a large volume of diverse data (a data lake) and indicators of compromise (IoC). The use of AI makes it possible to increase the effectiveness of identifying unknown threats at an early stage; the scenario is very similar to the operation of SIEM systems, but is aimed at external data sources and external threats.
— SIEM (Security Information and Event Management) — solutions that monitor information systems, analyze security events coming from network devices, information security tools, IT services, and the infrastructure of systems and applications, and help to detect information security incidents. In systems of this class a huge amount of data from various sources accumulates, and the use of AI technologies makes it possible to identify anomalies by heuristic methods and to reduce false positives when data patterns and models change. The use of AI in SIEM systems allows a very high level of automation to be achieved.
— SOAR (Security Orchestration and Automated Response) — systems that allow information security threats to be identified and incident response to be automated. In solutions of this type, unlike SIEM systems, AI helps not only to analyze but also to respond automatically and appropriately to identified threats.
— Application Security tools — systems that allow threats to application security to be identified and the further cycle of monitoring and eliminating such threats to be managed. The main scenario for the use of AI technologies in application protection systems is the automatic collection of information about vulnerabilities, attacks and infections available from open sources, and the automation of protective actions based on its results: vulnerability scans, changes to protection rules for web applications, threat detection and changes to the risk model.
— Antifraud — systems that allow threats in business processes to be identified and fraudulent transactions to be prevented in real time. In fraud protection systems, AI technologies are used to identify deviations from established business processes, thereby helping to respond quickly to possible financial crime or to vulnerable processes. The use of AI in such systems is especially relevant, as it allows quick adaptation to changes in the logic and various metrics of business processes, as well as the use of best practices in the industry.
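The UEBA entry above describes anomaly detection as either a deviation from a user's own norm or a match with a threat pattern. The Python below is an added example, not code from the article or from any product it names: it runs both kinds of check over constructed authentication log lines (a per-user baseline of daily failed logins, and a successful login from a source never seen for that user). The log format, user names and addresses are invented for the example.

```python
"""UEBA-style checks over constructed authentication log lines (not real data).
Detector 1: a user's daily failed-login count deviates from that user's own baseline.
Detector 2: a successful login from a source address never seen for that user."""
import re
import statistics

LINE = re.compile(r"^(?P<day>\S+) user=(?P<user>\w+) result=(?P<res>ok|fail) src=(?P<src>[\d.]+)$")

LOG = """\
2024-03-01 user=alice result=fail src=10.0.0.5
2024-03-01 user=alice result=ok src=10.0.0.5
2024-03-02 user=alice result=ok src=10.0.0.5
2024-03-03 user=alice result=fail src=10.0.0.5
2024-03-03 user=alice result=ok src=10.0.0.5
2024-03-04 user=alice result=ok src=10.0.0.5
2024-03-05 user=alice result=fail src=203.0.113.9
2024-03-05 user=alice result=fail src=203.0.113.9
2024-03-05 user=alice result=fail src=203.0.113.9
2024-03-05 user=alice result=fail src=203.0.113.9
2024-03-05 user=alice result=ok src=203.0.113.9
""".splitlines()
BASELINE_DAYS = ["2024-03-01", "2024-03-02", "2024-03-03", "2024-03-04"]

def parse(lines):
    return [m.groupdict() for m in map(LINE.match, lines) if m]

def baseline(events, user, days):
    """Daily failed-login counts and the sources seen for `user` over the baseline days."""
    fails = {d: 0 for d in days}
    sources = set()
    for e in events:
        if e["user"] == user and e["day"] in fails:
            sources.add(e["src"])
            fails[e["day"]] += e["res"] == "fail"
    return list(fails.values()), sources

def detect(events, user, day, baseline_days=BASELINE_DAYS, k=3.0, min_sigma=1.0):
    """Return the anomaly labels raised for `user` on `day` (empty list = normal)."""
    counts, known_src = baseline(events, user, baseline_days)
    mean = statistics.mean(counts)
    sigma = max(statistics.pstdev(counts), min_sigma)  # floor: a flat baseline must not alert on +1
    today = [e for e in events if e["user"] == user and e["day"] == day]
    alerts = []
    fails = sum(e["res"] == "fail" for e in today)
    if fails > mean + k * sigma:
        alerts.append(f"{fails} failed logins exceed baseline {mean:.1f} + {k}*{sigma:.1f}")
    new_src = {e["src"] for e in today if e["res"] == "ok"} - known_src
    if new_src:
        alerts.append(f"successful login from never-seen source {sorted(new_src)}")
    return alerts
```

The threshold uses a floor on the standard deviation so that a user whose baseline is nearly constant is not flagged for a single extra failure; tuning k and min_sigma is where most of the false-positive reduction the text mentions happens.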
Having analyzed all of the above, I would like to note that in our time, when technological progress is not just walking but flying forward, it is necessary to look for new methods of information protection, and AI can be considered one of them. But, like all AI technologies, it must be used in reasonable measure. AI will increase the security of a system, but only subject to constant human supervision (by an information security specialist).
On the other hand, it carries a danger to systems, since it can be used for hacking, which can lead to information leakage. Therefore, for the integration of AI into a security system, a mandatory requirement will be not only constant supervision by a specialist over data processing, but also constant checks before implementation and throughout the entire period of AI operation in the system.